General
Target: Latite Client_FixedV6.exe
Size: 89KB
MD5: a4fae769c25036407dcca7de54618f0a
SHA1: 3d5eb6eae3afa1edc8a3b4773510d39e0bc60115
SHA256: 16f73853793387ba28f0188eefaeb86ba516c4406a5ae4a17d0e3c9580468e28
SHA512: 3c27a3e88ea49d4f246996694052bc9c0287d225adf2774ecd721d0cf61273a3f3e319a7ad9b23a8cb4f248f604cd994dd3300a9a7224a3de90a88c4f5ae07f3
SSDEEP: 1536:muC4AIYh3jJPC/JBUo42b8qVkCRvWD+CJ60PZPOK/gVd1e1YGqE:DfAszfb5VHvWVP5OK/gRXLE
Malware Config
Extracted
xworm
pretty-dressed.gl.at.ply.gg:64028
Install_directory: %ProgramData%
install_file: USB.exe
Signatures
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm
Xworm family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Latite Client_FixedV6.exe
Files
Latite Client_FixedV6.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ